Mikogo 5.4.1.160608 Local Credentials Disclosure

Summary Mikogo is a desktop sharing software application for web conferencing and remote support, and is provided by the online collaboration provider, BeamYourScreen GmbH. Mikogo provides its software as native downloads for Windows, Mac OS X, Linux, iOS and Android. Description Mikogo is...

TrendMicro OfficeScan 11.0 / XG (12.0) Auth Start Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com...

Trend Micro OfficeScan 11.0XG (12.0) - Code Execution Memory Corruption

Trend Micro OfficeScan 11.0XG 12.0 - Code Execution Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt +...

(0Day) Eaton ELCSoft Device Comment Range Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a...

Microsoft Internet Explorer JavaScript WeakMap Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Edge Undo Command Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

qemu security update

CentOS Errata and Security Advisory CESA-2017:2445 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation

VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege...

VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation

VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296 VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevatio...

VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process...

CentOS Update for qemu-img CESA-2017:1681 centos7

Check the version of qemu-img SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882749";...

openSUSE Security Update : sudo (openSUSE-2017-744)

This update for sudo fixes the following security issue : - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. bsc1042146 Also the following non security bug was...

GLSA-201706-18 : mbed TLS: Multiple vulnerabilities (SLOTH)

The remote host is affected by the vulnerability described in GLSA-201706-18 mbed TLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in mbed TLS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary co...

Ubuntu: Security Advisory (USN-3334-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WMI Event Subscription Persistence

This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified...

ctdb, libsmbclient, libwbclient, samba security update

CentOS Errata and Security Advisory CESA-2017:1265 An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Privilege escalation

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none...

Apple Safari WebKit JSString Use After Free Code Execution (CVE-2017-2491)

Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...

Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1136 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter which is a non-standard configuration. It permits the guest kernel to write up to 4GB of controlled data out of bounds in the trusted userla...